You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2007/10/26 17:49:50 UTC
[jira] Closed: (GERONIMO-3111) pluggable Password Encryption
mechanism for Apache Geronimo.
[ https://issues.apache.org/jira/browse/GERONIMO-3111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks closed GERONIMO-3111.
----------------------------------
Resolution: Fixed
Fix Version/s: 2.0.2
2.1
Assignee: David Jencks
Fixed in GERONIMO-2925.
> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>
> Key: GERONIMO-3111
> URL: https://issues.apache.org/jira/browse/GERONIMO-3111
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5
> Environment: All platforms & JDKs
> Reporter: Phani Balaji Madgula
> Assignee: David Jencks
> Fix For: 2.1, 2.0.2
>
>
> Hi,
> I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1.
> We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes
> admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.
> What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option).
> This contributes to the server's readiness for enterprise applications out-of-box.
> We are currently planning to use custom login modules for all security needs.
> But, having the above feature in the server will eliminate the need for the same.
> Thanks
> Phani
> Your comments on this issue are welcome.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.